we have session sticky configured based on a parameter of sessionid attached in http url in F5. we want to keep the existing connections to the same Tomcat server even when health check on it is failed? (failed when F5 gets from a web page with "MA" ). Set "Action on service down" to "none" , but when HTTP Redirect happens in the client , the F5 will treat it as new connection? is it possible to identify a connection based on the "sessionid" , just like session sticky rule?

I think the interesting part lies within: - "but when HTTP Redirect happens in the client , the F5 will treat it as new connection?" Answer is no. Normally, a teardown of the existing TCP connection does not occur upon a HTTP redirect EXCEPT when the redirect response has a "Connection: Close" header. Assuming it's an App that uses modern version of HTTP (HTTP/1.1 or Speedy), then multiple HTTP redirects can occur on top of the same TCP session. What to do? Verify if the Connection: Close header is included in a HTTP redirect response which specifies the Location: https://the.sameapp.com/new-path header (use Chrome or FF DevTools)

Thanks for the answer; we did a tcpdump on the client, and found that when redirect happened, the TCP port used by the client changed, would it be identified by F5 as a new TCP connection?

Yes, a new TCP connection, however your persistence (session sticky is the name used by Cisco ACE and others Cisco stuff) is based in layer 7 information. If the request made to follow the redirect uses the same sessionid, that new connection will persist to the same server (so no new load balance decision).

Keep the existing connections to the same Tomcat server

14 Replies

Hannes_Rapp
Nimbostratus
Nov 30, 2016
I think the interesting part lies within: - "but when HTTP Redirect happens in the client , the F5 will treat it as new connection?"

Answer is no. Normally, a teardown of the existing TCP connection does not occur upon a HTTP redirect EXCEPT when the redirect response has a "Connection: Close" header. Assuming it's an App that uses modern version of HTTP (HTTP/1.1 or Speedy), then multiple HTTP redirects can occur on top of the same TCP session.

What to do?

Verify if the
Connection: Close
header is included in a HTTP redirect response which specifies the
Location: https://the.sameapp.com/new-path
header (use Chrome or FF DevTools)
- Jacob_SLY_26625
  Nimbostratus
  Dec 01, 2016
  Thanks for the answer; we did a tcpdump on the client, and found that when redirect happened, the TCP port used by the client changed, would it be identified by F5 as a new TCP connection?
- Leonardo_Souza
  Cirrocumulus
  Dec 01, 2016
  Yes, a new TCP connection, however your persistence (session sticky is the name used by Cisco ACE and others Cisco stuff) is based in layer 7 information. If the request made to follow the redirect uses the same sessionid, that new connection will persist to the same server (so no new load balance decision).
- Jacob_SLY_26625
  Nimbostratus
  Dec 02, 2016
  In sunny days, the session sticky rule works fine, even for redirect. but when a web server is forced to "MA" status(a jsp file monitored by Health monitor), the connection was dropped when redirect request happen.
  
  is it possible to make a tomcat server to offline automatically and no impact to the existing connections with session sticky configured?
Hannes_Rapp_162
Nacreous
Nov 30, 2016
I think the interesting part lies within: - "but when HTTP Redirect happens in the client , the F5 will treat it as new connection?"

Answer is no. Normally, a teardown of the existing TCP connection does not occur upon a HTTP redirect EXCEPT when the redirect response has a "Connection: Close" header. Assuming it's an App that uses modern version of HTTP (HTTP/1.1 or Speedy), then multiple HTTP redirects can occur on top of the same TCP session.

What to do?

Verify if the
Connection: Close
header is included in a HTTP redirect response which specifies the
Location: https://the.sameapp.com/new-path
header (use Chrome or FF DevTools)
- Jacob_SLY_26625
  Nimbostratus
  Dec 01, 2016
  Thanks for the answer; we did a tcpdump on the client, and found that when redirect happened, the TCP port used by the client changed, would it be identified by F5 as a new TCP connection?
- Leonardo_Souza
  Cirrocumulus
  Dec 01, 2016
  Yes, a new TCP connection, however your persistence (session sticky is the name used by Cisco ACE and others Cisco stuff) is based in layer 7 information. If the request made to follow the redirect uses the same sessionid, that new connection will persist to the same server (so no new load balance decision).
- Jacob_SLY_26625
  Nimbostratus
  Dec 02, 2016
  In sunny days, the session sticky rule works fine, even for redirect. but when a web server is forced to "MA" status(a jsp file monitored by Health monitor), the connection was dropped when redirect request happen.
  
  is it possible to make a tomcat server to offline automatically and no impact to the existing connections with session sticky configured?